CVE-2026-44595

YAMCS yamcs-core 5.12.7 - User Enumeration

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-44595. PoCs published by Daniel Miranda.

AI-analyzed exploit summary This Python script demonstrates CVE-2026-44595, an unauthorized user enumeration vulnerability in YAMCS yamcs-core < 5.12.7. It authenticates as a low-privilege user and exploits unenforced access controls on IAM API endpoints to enumerate users and groups.

Description

YAMCS yamcs-core 5.12.7 - User Enumeration

Exploits (1)

exploitdb WORKING POC

by Daniel Miranda · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52604

View Code ZIP pw:eip

This Python script demonstrates CVE-2026-44595, an unauthorized user enumeration vulnerability in YAMCS yamcs-core < 5.12.7. It authenticates as a low-privilege user and exploits unenforced access controls on IAM API endpoints to enumerate users and groups.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: YAMCS yamcs-core < 5.12.7

Auth required

Prerequisites: Valid low-privilege user credentials

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 31, 2026 Full analysis →

Scores

EPSS 0.0003

EPSS Percentile 8.6%

Details

Status draft

Tracked Since May 31, 2026